@superawesome/permissions

Version:

Fine grained permissions / access control with ownerships & attribute picking, done right.

permissions.docs.superawesome.com

78 lines (68 loc) • 4.15 kB

TypeScript

import { GrantPermitQuery, Tid, TlimitOwnReduce } from './types'; import { Permit } from './Permit.class'; import { PermissionDefinition, PermissionDefinitionDefaults, PermissionDefinitionInternal } from './PermissionDefinitions'; /** The options passed at the `Permissions` constructor */ export interface IPermissionsOptions<TUserId extends Tid = number, TResourceId extends Tid = number> { permissionDefinitions?: PermissionDefinition<TUserId, TResourceId> | PermissionDefinition<TUserId, TResourceId>[]; permissionDefinitionDefaults?: PermissionDefinitionDefaults; limitOwnReduce?: TlimitOwnReduce<TUserId, any>; } /** The main class - see [Basic Usage](/additional-documentation/basic-usage.html) */ export declare class Permissions<TUserId extends Tid = number, TResourceId extends Tid = number> { private _permissionDefinitionsInternal; private _accessControl; private _acre; private _rolesNotFound; private roles; private _limitOwnReduce; private _isBuilt; constructor({ permissionDefinitions, permissionDefinitionDefaults, limitOwnReduce, }?: IPermissionsOptions<TUserId, TResourceId>); addDefinitions(permissionDefinitions: PermissionDefinition<TUserId, TResourceId> | PermissionDefinition<TUserId, TResourceId>[], permissionDefinitionDefaults?: PermissionDefinitionDefaults): void; /** * Check is this Permissions instance has been built (so no more .addDefinitions() allowed) */ get isBuilt(): boolean; build(): this; /** The `grantPermit()` is the way to *query* the Permissions instance for granting permissions to a User. The method responds with an instance of [Permit](/classes/Permit.html) that holds all known information about the queried **user**, **resource** and **action**. In short, the question is "can some of `user.roles` perform `action` either a) on **any** `resource` or b) on an **own** `resource` (AND the specific `resourceId` if passed)? We are checking all roles for both **any** & **own**, while collecting all `isOwner` & `listOwned` and feed all known information into a **Permit** object. @return Promise<Permit> a Promise of a [Permit](/classes/Permit.html) instance. */ grantPermit({ user, action, resource, resourceId, }: GrantPermitQuery<TUserId, TResourceId>): Promise<Permit<TUserId, TResourceId>>; getRoles(): string[]; getResources(): string[]; getActions(): string[]; /** * Returns a deep clone of [`AccessControl#getGrants()`](https://onury.io/accesscontrol/?api=ac#AccessControl#getGrants) (which according to its docs `Gets the internal grants object that stores all current grants.`), but omitting empty arrays eg `'rollover:any': []`. * * @see https://onury.io/accesscontrol/?api=ac#AccessControl#getGrants */ getGrants(): object; compare(permissions1: Permissions<any, any>, permissions2?: Permissions<any, any>): any; /** Returns a list of the `PermissionDefinition` objects stored in this instance, with optional filtering & consolidations removing duplicates and redundant grants (**WARNING**: this is experimental) @param filter allows you to filter PDs: * Use an object eg `{ resource: 'document' }` as the `_.matches` iteratee shorthand. If this `_.matches` object is used, the props used for filtering are considered "default" and are omitted from each PD. * OR use a function returning boolean for each PD, eg (pd) => pd.resource === 'document' See https://lodash.com/docs/4.17.11#filter @param consolidateFlag is **experimental**, it tries to consolidate PermissionDefinitions, remove duplicates and merge compatible ones */ getDefinitions(filter?: { [key: string]: any; }, consolidateFlag?: boolean | 'force'): Partial<PermissionDefinitionInternal>[]; private ensureHasBuild; private ensureHasNotBuild; /** * * @param pdi a PermissionDefinitionInternal * @param strict true means we dont care if redefining action is _.equal. Duplicating is bad enough! */ private filterPDsWithDuplicateGrantActions; }